From d6f9b4879709a3867caf3a8eb466fc41d0e8f05c Mon Sep 17 00:00:00 2001
From: Jun-te Kim <juntekim@googlemail.com>
Date: Mon, 30 Mar 2026 15:44:52 +0000
Subject: [PATCH] depploy hubspot etl registry

---
 infrastructure/terraform/shared/main.tf | 31 +++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/infrastructure/terraform/shared/main.tf b/infrastructure/terraform/shared/main.tf
index 486f79ca..5a396b3a 100644
--- a/infrastructure/terraform/shared/main.tf
+++ b/infrastructure/terraform/shared/main.tf
@@ -574,3 +574,34 @@ output "cdn_certificate_state_bucket" {
   value = module.cdn_certificate_state_bucket.bucket_name
 }
 
+
+################################################
+# Hubspot ETL Lambda
+################################################
+module "hubspot_etl_bucket" {
+  source      = "../modules/tf_state_bucket"
+  bucket_name = "hubspot-etl-bucket-terraform-state"
+
+}
+
+module "hubspot_etl_registry" {
+  source = "../modules/container_registry"
+  name   = "hubspot_etl"
+  stage = var.stage
+
+}
+
+# S3 policy for postcode splitter to read from retrofit data bucket
+module "hubspot_etl_s3_read_and_write" {
+  source = "../modules/s3_iam_policy"
+
+  policy_name        = "HubspotETLReadandWriteS3"
+  policy_description = "Allow ordnance Lambda to read and write from retrofit-data bucket"
+  bucket_arns        = ["arn:aws:s3:::retrofit-data-${var.stage}"]
+  actions            = ["s3:GetObject", "s3:ListBucket", "s3:PutObject"]
+  resource_paths     = ["/*"]
+}
+
+output "ordnance_s3_read_and_write_arn" {
+  value = module.hubspot_etl_s3_read_and_write.policy_arn
+}